-
Notifications
You must be signed in to change notification settings - Fork 2
CI CD Pipeline
Automated checks in the CI pipeline are based off of the QASP requirements and implementation plan, as detailed in the Release Engineering Process page.
Based on ADR 2, we've (just about) decided to use the Forest Service Jenkins instance to host CI/CD (Continuous Integration & Continuous Delivery).
See the CI/CD diagram on Mural.
Jenkins configuration is kept in a separate repository hosted by the Forest Service / USDA. Updates are almost always done in partnership with the Forest Service's Cloud Foundation team. To request support, email Matt Reiss.
The repository is available on the FS/USDA GitHub Enterprise at forest-service/CI-CD-Program. (🔒 This requires a USDA eAuth account and access to FS/USDA GitHub Enterprise, which can be requested from Chaochung Tsai).
The Jenkinsfile references steps from the CI/CD Program's Step library.
For each Pull Request (and each commit to an open Pull Request branch), the following steps and checks occur. All of the checks must pass for code to be merged into deployable branches (development, main).
- Ensure that Jenkins reports back to the GitHub Checks API, in order to prevent merging code until all checks pass.
- Set up a GitHub integration with Teams for notification purposes.
- Figure out the Continuous Deployment strategy: do merges to
developmentautomatically deploy to the Forest Service AWS development environment? Are integration tests run on a staging environment? Are merges tomainautomatically deployed to production?
| Step | Pass Criteria | Implementation | Tool(s) Used | Jenkins Status | Deliverable |
|---|---|---|---|---|---|
| Check out the current code (pushed branch) | --- | --- | Git | ✅ | --- |
| Install dependencies for all parts of the technology stack | --- |
npm install in api & frontend |
NPM | To do | 5 |
| Check code style | All TypeScript files in src/ folders conform to Prettier style |
npx prettier --check api/src/**/.ts && npx prettier --check frontend/src/**/.ts |
Prettier | To do | 3 |
| Check code quality | All files pass the Quality Gate (TBD) | To do: Set up to have a Quality Gate (What's the standard? B grade and higher?) | SonarQube | To do | 9 (Non-QASP) |
| Check code security | No medium- or high-severity vulnerabilities detected | To do: Run security analysis on code, both api and frontend | SonarQube | Partial | 7 |
| Check dependency security vulnerabilities | No medium- or high-severity vulnerabilities detected | To document | OWASP | Partial | 7 |
| Create the database | Successful creation | To do: Figure out how to migrate using TypeScript/bash | To do | To do | 5 |
| Run spec and code coverage for both API and frontend | All tests pass, >= 90% code covered by tests |
npm run test in api & frontend, using Docker Compose; need to figure out how to check coverage of Jasmine tests |
Jasmine, Docker Compose | To do | 2 |
| Run accessibility tests against a server contained in the isolated build | All tests pass |
pa11y-ci in project root, running against a config file in git |
pa11y | To do | 4 |
- Steps should be ordered for fast failure: for example, we run static analysis checks (code style, quality, security) before longer steps like setting up the database and running integration tests.
- Jenkins Status indicates whether a check is implemented in Jenkins.
- To do: hasn't been added.
- Partial: may have been added but incomplete, or doesn't block merging via GitHub Checks API.
- ✅: Added, complete, and blocks merging via GitHub Checks API.
NRM-Grants-Agreements Path Analysis
Home
How we work
Tech
- Platform and Technologies
- Architecture diagram
- Architecture Decision Records (GitHub)
- Release Engineering Process
Design
- Our design approach
- Visual styles
- Design tools
- Timeline of design activities
- Design debt
- Additional design resources
User research